Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

IDS4210 can't reset tcp connections of all unwanted e-mails

Hi, we have applyed IDS4210 for internet connection, we use the IDS with 1760 router. We have created custom string signature on the IDS. IDS can reset many unwanted e-mail connections (port tcp 25). But some of them (unwanted e-mails) can reach the mail server. IDS can't prevent all of them. we don't want this mails. Our internet connection is 512 FR. How can i prevent this mails? i am waiting your suggestions.

1 REPLY
Cisco Employee

Re: IDS4210 can't reset tcp connections of all unwanted e-mails

If you've set up a string signature, then you may run into problems if that particular string is spread over two TCP packets, the IDS sensor won't pick them up then. If the signature is capturing most of them but missing a few, I'd say that's whats going on. You could verify with a Sniffer trace near your mail server and capture the ones that do get through. You may be able to shorten your string signature to something that will be able to grab it even when it's spread over two packets (or create a couple of string signatures, one with the first portion of the string and one with the last portion).

77
Views
0
Helpful
1
Replies
CreatePlease to create content